An E-mail attack, also called an “E-mail Bomb,” is a means to attack an electronic mail (E-mail) mail box (E-mail box for short hereinafter) by continuously sending an E-mail spam to a target E-mail box within a short time so that a capacity of the target E-mail box reaches an upper limit, thereby leaving no extra space for accommodating a new E-mail. Moreover, when an E-mail attack occurs, transmission of an E-mail spam in a network consumes a great many network resources. This may lead to network congestion, causing many other E-mail boxes to fail to receive and send E-mails normally, and at the same time imposing a burden on an E-mail server.
When an E-mail attack occurs, exceptions usually appear in E-mail traffic received by the E-mail server. In general, an E-mail server receives an E-mail through a specific port (for example, a port 25), so when it is detected whether an E-mail attack occurs, statistics are usually collected on traffic for the specific port of the E-mail server, and when the E-mail traffic within a certain time exceeds a preset traffic threshold, it is deemed that an E-mail attack occurs and the traffic of the specific port of the E-mail server will be limited.
However, when this manner of detecting an E-mail attack is used, the specific port of the E-mail server also receives other data in addition to receiving E-mails. Therefore, when statistics are collected on the traffic of the specific port of the E-mail server, the traffic on which statistics are collected may include traffic of other data, for example, command data, in addition to the E-mail traffic. Consequently, a detection result of the E-mail attack is inaccurate, so it is impossible to correctly limit and handle the E-mail attack.